|
 |
2c8186 |
From 239e2397820f9fa7ef430ebef0947ec1246eb50f Mon Sep 17 00:00:00 2001
|
|
|
2c8186 |
From: Fabio M. Di Nitto <fdinitto@redhat.com>
|
|
|
2c8186 |
Date: Tue, 2 Sep 2014 13:03:43 +0200
|
|
|
2c8186 |
Subject: [PATCH] [crypto] fix crypto block rounding/padding calculation
|
|
|
2c8186 |
|
|
|
2c8186 |
libnss is "weird" in this respect as some block sizes are hardcoded,
|
|
|
2c8186 |
others need to be determined dynamically.
|
|
|
2c8186 |
|
|
|
2c8186 |
For AES we need to use the values we know since GetBlockSize would
|
|
|
2c8186 |
return errors, for 3des (that hopefully nobody is using) the value
|
|
|
2c8186 |
returned by GetBlockSize is 8, but let's use the call into libnss
|
|
|
2c8186 |
to avoid possible conflicts with distro patching or older versions.
|
|
|
2c8186 |
|
|
|
2c8186 |
Now, given the correct block size, the old calculation simply added
|
|
|
2c8186 |
block size to the hdr_size. This is not sufficient.
|
|
|
2c8186 |
|
|
|
2c8186 |
We use _PAD encryption methods and we need to take that into account.
|
|
|
2c8186 |
|
|
|
2c8186 |
_PAD is calculated given the current input buf len and rounded up
|
|
|
2c8186 |
to block size boundary, then block_size is added.
|
|
|
2c8186 |
|
|
|
2c8186 |
Ideally we would do that on a per packet base but current transport
|
|
|
2c8186 |
infrastructure doesn't allow it yet.
|
|
|
2c8186 |
|
|
|
2c8186 |
So round up the hdr_size to double the block_size reported by the
|
|
|
2c8186 |
cipher.
|
|
|
2c8186 |
|
|
|
2c8186 |
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
|
|
|
2c8186 |
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
|
|
|
2c8186 |
---
|
|
|
2c8186 |
exec/totemcrypto.c | 15 ++++++++++++++-
|
|
|
2c8186 |
1 files changed, 14 insertions(+), 1 deletions(-)
|
|
|
2c8186 |
|
|
|
2c8186 |
diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
|
|
|
2c8186 |
index 69818b8..a97ba62 100644
|
|
|
2c8186 |
--- a/exec/totemcrypto.c
|
|
|
2c8186 |
+++ b/exec/totemcrypto.c
|
|
|
2c8186 |
@@ -666,6 +666,7 @@ size_t crypto_sec_header_size(
|
|
|
2c8186 |
int crypto_cipher = string_to_crypto_cipher_type(crypto_cipher_type);
|
|
|
2c8186 |
int crypto_hash = string_to_crypto_hash_type(crypto_hash_type);
|
|
|
2c8186 |
size_t hdr_size = 0;
|
|
|
2c8186 |
+ int block_size = 0;
|
|
|
2c8186 |
|
|
|
2c8186 |
hdr_size = sizeof(struct crypto_config_header);
|
|
|
2c8186 |
|
|
|
2c8186 |
@@ -675,7 +676,19 @@ size_t crypto_sec_header_size(
|
|
|
2c8186 |
|
|
|
2c8186 |
if (crypto_cipher) {
|
|
|
2c8186 |
hdr_size += SALT_SIZE;
|
|
|
2c8186 |
- hdr_size += cypher_block_len[crypto_cipher];
|
|
|
2c8186 |
+ if (cypher_block_len[crypto_cipher]) {
|
|
|
2c8186 |
+ block_size = cypher_block_len[crypto_cipher];
|
|
|
2c8186 |
+ } else {
|
|
|
2c8186 |
+ block_size = PK11_GetBlockSize(crypto_cipher, NULL);
|
|
|
2c8186 |
+ if (block_size < 0) {
|
|
|
2c8186 |
+ /*
|
|
|
2c8186 |
+ * failsafe. we can potentially lose up to 63
|
|
|
2c8186 |
+ * byte per packet, but better than fragmenting
|
|
|
2c8186 |
+ */
|
|
|
2c8186 |
+ block_size = 64;
|
|
|
2c8186 |
+ }
|
|
|
2c8186 |
+ }
|
|
|
2c8186 |
+ hdr_size += (block_size * 2);
|
|
|
2c8186 |
}
|
|
|
2c8186 |
|
|
|
2c8186 |
return hdr_size;
|
|
|
2c8186 |
--
|
|
|
2c8186 |
1.7.1
|
|
|
2c8186 |
|